Adding an X.509 authenticator - BlueCat Integrity - 26.1.0

Address Manager Administration Guide

Product name: BlueCat Integrity
Version: 26.1.0

Add an X.509 authenticator to Address Manager.

To add an X.509 authenticator:

  1. Select the Settings tab in the sidebar.
  2. Under System security, select Authenticators.
  3. Select New > X509 authenticator.
  4. On the General tab, set the following parameters:
    • Name—a descriptive name for the X.509 authenticator.
    • Primary server URL—the HTTP URL of the primary OCSP responder, which Address Manager queries to check the revocation status of client certificates.
  5. On the Secondary authenticator tab, set the following parameters:
    • Enable secondary authenticator—select the checkbox to enable a secondary authenticator that will be used if authentication cannot be completed by the primary authenticator. Once selected, the following additional fields appear:
      • Secondary server URL—the URL of the secondary OCSP responder. This server is contacted only if the primary responder cannot be reached.
      • LDAP user match option—how the identity in the client certificate is matched to a user in LDAP. With Custom user prefix match, the Subject CN from the client certificate is combined with the attribute specified in the User Prefix field of the LDAP authenticator. With Strict DN match, the full Subject DN from the client certificate is used.
  6. On the Certificate tab, set the following parameters:
    • CA certificate upload—upload the certificate(s) of the CA(s) that issue client certificates. If an issuing CA is an intermediate (or sub-) CA, the chain of CA certificates up to and including the root CA must also be present. All certificates must be in PEM format and contained in a single file (bundle).
  7. In the Change control section, add comments if required.
  8. Select Create or Create and add another.

Once you have added an X.509 authenticator, the next step is to enable X.509 authentication.
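The requirements behind the Secondary authenticator and Certificate tabs can be rehearsed offline with the openssl CLI. The script below is an added example, not BlueCat's code: it builds a throw-away root CA, issuing CA and client certificate (all names constructed), shows that a bundle verifies only when it carries the chain up to the root in one PEM file, and prints the identity string each LDAP user match option would take from the client certificate.

```bash
#!/bin/sh
# Added example, not BlueCat's code. Uses the openssl CLI to build a throw-away
# root CA -> issuing CA -> client certificate chain (all names constructed), then
# runs the checks worth doing before filling in the Certificate tab and choosing
# an LDAP user match option: is the bundle one PEM file with the whole chain up
# to the root, and which identity string does each match option read from the cert.
WORK="$(mktemp -d)"

make_chain() {
  # Minimal req config so the run does not depend on the system openssl.cnf.
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$WORK/req.cnf"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >"$WORK/ca.ext"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' >"$WORK/client.ext"
  # Self-signed root CA.
  openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -days 1 -subj "/O=Example/CN=Example Root CA" \
    -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null || return 1
  # Issuing (intermediate) CA, signed by the root and marked CA:TRUE.
  openssl req -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -subj "/O=Example/CN=Example Issuing CA" \
    -keyout "$WORK/int.key" -out "$WORK/int.csr" 2>/dev/null || return 1
  openssl x509 -req -days 1 -in "$WORK/int.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
    -CAcreateserial -extfile "$WORK/ca.ext" -out "$WORK/int.crt" 2>/dev/null || return 1
  # Client certificate for user jdoe, signed by the issuing CA.
  openssl req -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -subj "/O=Example/OU=Staff/CN=jdoe" \
    -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null || return 1
  openssl x509 -req -days 1 -in "$WORK/client.csr" -CA "$WORK/int.crt" -CAkey "$WORK/int.key" \
    -CAcreateserial -extfile "$WORK/client.ext" -out "$WORK/client.crt" 2>/dev/null
}

# Number of PEM certificate blocks in a bundle file (0 if it is not PEM).
pem_cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true; }

# Can openssl build a complete chain for the client cert from this bundle alone?
bundle_verifies() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Strict DN match uses the full Subject DN (RFC 2253 form, CN first).
subject_dn() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//'; }

# Custom user prefix match uses only the Subject CN.
subject_cn() { subject_dn "$1" | sed -n 's/.*CN=\([^,]*\).*/\1/p'; }

make_chain
cat "$WORK/int.crt" "$WORK/root.crt" >"$WORK/ca-bundle.pem"   # issuing CA + root in one file
echo "certificates in bundle: $(pem_cert_count "$WORK/ca-bundle.pem")"
bundle_verifies "$WORK/ca-bundle.pem" "$WORK/client.crt" && echo "full bundle: chain verifies"
bundle_verifies "$WORK/int.crt" "$WORK/client.crt" || echo "issuing CA only: chain does NOT verify"
echo "Strict DN match would use:          $(subject_dn "$WORK/client.crt")"
echo "Custom user prefix match would use: $(subject_cn "$WORK/client.crt")"
```

To check a real deployment, point bundle_verifies at the bundle you intend to upload and a client certificate issued by your CA; the intermediate-only case is the one that silently fails at login time.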